A Hacker Took On Unemployment Snitches (And Is Winning)
"Unemployment fraud" has been a right-wing boogeyman since the first caveman got mad at another caveman for hunting less after sustaining an injury from a mammoth. Oog. Even during a global pandemic, state governments such as Ohio's are putting together systems in which employers can report employees who are choosing not to go to work and choosing safety over potential exposure. In the minds of some, if you weren't laid off "the right way," you shouldn't be able to keep a roof over your head. No handouts!
Well, luckily, an anonymous but rather ethical hacker thought that was some bullshit. While the state government might be obligated to ensure that everyone follows "the rules" about receiving unemployment, that kind of violates our national no-snitching policy and doesn't bother to question the ethics behind the rules in the first place. Ohio said there were ways to still obtain benefits with "just cause" for quitting, but that's just overcomplicating an already-complicated process that nobody wants to have to do.
So, this hacker set out to create a way to muck up the system. What they did was create a script that randomly generated employers and addresses using real-but-scrambled data from the actual top 100 employers in the state of Ohio. There's even a little CAPTCHA-defeating bit at the end, but we'll deal with the fact that this script can "prove" it's not a robot after the pandemic is over.
Anyway, the *mwah* chef's kiss on top was that this script was made available to anyone who wanted it. You could run it in the background on your computer, and it'd send bogus data through and flood the site, effectively turning this into a DDoS attack. Imagine not just one script, but hundreds, sending fake Wendy's addresses through the Ohio unemployment site at the same time. Beautiful. Nobody knows for sure how many fakes were running through, but it was enough.
Finally, someone had the common sense to upgrade the CAPTCHA to one that's harder for code to solve, but the hackers are already working on beating that, too. Labor leaders had already been complaining about the snitching, but the Republican government in Ohio wasn't gonna listen to union reps, so now they're considering adjusting this reporting policy (we assume in part because of the hack). If you're going to mandate that people stay at home, don't be surprised when that gives hackers with a conscience a bunch of free time.
Isaac is on Twitter and Instagram @NotFunnyIsaac.